FatManTerra Recently has been keeping an eye on this exploit, remember few days ago a hacker who exploited this same bug drained over $88 Million few days and also got airdrop of 2.1 Million LUNA 2.0 (Currently at $8) by buying UST at $0.10. I don’t know if it’s the same hacker or not looks like someone is not done abusing this exploit.
Mirror Protocol is being exploited again as we speak, and the devs are completely MIA. So far, the attacker has drained over $2m and counting – the attack will get worse when markets open tomorrow unless the dev team steps in and fixes the price oracle.
A bug in the pricing oracle is telling the system that LUNC is worth around 5 UST when it’s actually under a microcent. For $1k in LUNC, an attacker can now load up on $1.3m in collateral but can pull out real assets by borrowing. Example tx: https://finder.terra.money/classic/tx/F830681D8FEACC4DA67E84D40C49F0FF805609F2BB5CCC39A0EFE66257F2D791
So far, the mBTC, mETH, mDOT and mGLXY pools have been drained. In around 12 hours, the market feed will kick in, and the attacker will be able to drain all of the mAsset pools (such as mSPY and mAAPL, mAMZN, etc.) – most of the pools can still be saved.
Please look into fixing the LUNC price oracle, because in a short while, all liquidity pools will be drained, Mirror will accrue irremediable bad debt, and the system will collapse in on itself. This is not the time to be negligent